Privacy Policy

1. Controller and processor

Reveni's artificial intelligence assistant (the "Service") is technologically provided by Reveni S.L. (tax ID B09662453, Madrid, Spain) and is integrated into the websites of associated e-commerce brands.

For the purposes of the General Data Protection Regulation (EU) 2016/679 ("GDPR") and Spanish Organic Law 3/2018 ("LOPDGDD"), the Merchant acts as Data Controller of the personal data collected through its website, and Reveni acts as Data Processor, processing data exclusively on behalf of the Merchant and under a data processing agreement (art. 28 GDPR).

The Service is offered in a modular configuration. Each Merchant may enable one or several of the following features, and this Policy shall only apply to the end user (the "User") to the extent that the Merchant has enabled the corresponding feature:

  • Conversational assistant (chatbot): responds to queries about products, orders, returns, size guides and Merchant policies.
  • Virtual try-on: allows the User to visualize a product on their own image via photo try-on or live try-on (camera), using generative AI models.
  • Size recommendation: an indicative estimate based on data voluntarily provided by the User.
2. Personal data we collect

We collect only the data necessary to provide the Service and the features enabled by the Merchant.

  • Conversation content: text or voice messages exchanged between the User and the chatbot, including data the User voluntarily provides in the chat (such as email, name, phone or order number to handle their query).
  • Images and video: photographs uploaded by the User for photo try-on or video streams captured by the camera during live try-on, as well as the resulting AI-generated image or video.
  • Body measurement data: sex, height and weight voluntarily provided for the size recommendation.
  • Technical and usage data: IP address, session identifier, browser, language, page of origin and optional ratings on responses.

The User is not obliged to provide personal data in the conversation. We recommend not sharing sensitive information through the chat (health data, credentials, full banking details, identity documents or other special categories of data).

We do not collect biometric data. Photographs and camera captures are used exclusively to generate the product visualization.

We do not use chat content or User images to train AI models. Data is sent to AI model providers only in inference mode and under contractual agreements that expressly prohibit its use for training.

3. Purposes and legal basis

We process User data for the following purposes:

  • To respond to queries and handle requests through the chatbot (order status, returns, support, product information), based on the performance of the contract or pre-contractual measures with the Merchant (art. 6.1.b GDPR) and the Merchant's legitimate interest in providing customer service (art. 6.1.f GDPR).
  • To generate the virtual try-on visualization and the size recommendation, based on the User's explicit consent (art. 6.1.a GDPR), obtained through the acceptance checkbox before using these features.
  • To produce aggregated metrics and insights for the Merchant (volume of queries, frequent topics, satisfaction) and to improve Service quality, based on legitimate interest (art. 6.1.f GDPR). Insights shared with the Merchant are aggregated and do not allow re-identification of the User.
  • To ensure the technical operation, security and prevention of abuse or fraud, based on legitimate interest (art. 6.1.f GDPR).
  • To comply with applicable legal obligations (art. 6.1.c GDPR).

The User may withdraw their consent at any time, without affecting the lawfulness of prior processing. The User may also stop using the chatbot by closing the widget.

4. Data retention

We retain data only for as long as strictly necessary to fulfil the purposes described:

  • Photographs uploaded and AI-generated resulting images or videos are automatically deleted within a maximum of 24 hours.
  • The live try-on video stream is not stored: processing is exclusively in transit.
  • Body measurement data is processed only in memory during the session and is not persisted.
  • Conversations and data provided in the chat are retained for up to 12 months from the last interaction, unless a different period is necessary to comply with legal obligations or handle claims.
  • Technical data (logs) is retained for a maximum of 30 days for security purposes.

Once these periods have elapsed, data is irreversibly deleted or anonymized.

5. Sub-processors and international transfers

To provide the Service, Reveni relies on specialized technology providers acting as sub-processors (AI model providers, cloud infrastructure services and observability tools). Reveni maintains agreements with each sub-processor that guarantee a level of protection equivalent to that required by the GDPR and expressly prohibit the use of User data to train providers' own models.

Some providers may be located outside the European Economic Area. In such cases, transfers are carried out with the safeguards established in Chapter V of the GDPR, including standard contractual clauses and, where appropriate, supplementary measures.

6. User rights

In accordance with the GDPR and the LOPDGDD, the User has the right to access their data, request its rectification or erasure, object to processing, request its restriction, receive it in a portable format and withdraw consent at any time.

Given that images are automatically deleted within a maximum of 24 hours and the live video stream is not stored, it is possible that when exercising certain rights over such data, it may no longer be held by Reveni.

To exercise their rights, the User may contact Reveni at legal@reveni.io or by postal mail at Reveni S.L., Madrid, Spain. When a request is directed to Reveni, it will be forwarded to the Merchant in its capacity as Data Controller, and Reveni will cooperate to provide a response. Alternatively, the User may contact the Merchant directly.

The User also has the right to lodge a complaint with the Spanish Data Protection Agency (AEPD), headquartered at C/ Jorge Juan, 6, 28001 Madrid (www.aepd.es).

7. Data security

We apply appropriate technical and organizational measures to ensure the security, confidentiality and integrity of personal data. These include encryption in transit and at rest, segregation of each Merchant's data, role-based access control, automatic deletion of images after the session and periodic security reviews.

8. Minors

The Service is not directed at minors under 16 years of age. We do not knowingly collect personal data from minors. If we become aware that data of a minor under 16 has been collected without the verifiable consent of their father, mother or legal guardian, we will proceed to delete it immediately.

9. Cookies and automated decisions

The Service widget does not install tracking cookies. The browser's local storage is used only to maintain session continuity and remember widget preferences, and is deleted when the widget session is closed or browsing data is cleared. Cookies on the Merchant's website are governed by that Merchant's cookie policy.

The Service uses AI models to generate chatbot responses, virtual try-on visualizations and, where applicable, the size recommendation. These automated decisions are indicative in nature and do not produce legal effects on the User within the meaning of Article 22 of the GDPR. The User may request human assistance at any time by contacting the Merchant.

10. Modifications and contact

Reveni reserves the right to update this Policy. Modifications shall enter into force upon publication, so Users are advised to review it periodically.

For any matter relating to the protection of personal data in the context of the Service, the User may contact Reveni's Data Protection Officer at legal@reveni.io.

Reveni S.L. — Tax ID B09662453 — Madrid, Spain

Last update: April 2026